IRC-Based Botnets Almost Vanishing!

Botnets controlled through web servers are five times as numerous as botnets controlled through IRC channels, according to new research conducted by Team Cymru security experts.

The number of IRC botnets has decreased significantly because of limitations in how their command-and-control (C&C) servers can control bots and send them different instructions.

“The US is significantly ahead of anyone else,” says Steve Santorelli, Team Cymru’s director of global outreach in San Diego.

Santorelli and his colleagues also detected a daily average of 226 C&C servers in China and 92 in Russia. But European countries not usually linked with cybercrime were in a similar range, with an average of 120 C&C servers based in Germany and 64 in the Netherlands.

Today there are many ways to control infected hosts and send instructions to each machine. It all depends on the specific settings. The protocols most commonly used at present include:

* Web server – management through a web interface. Currently the most common method, according to Team Cymru (Zeus is an example of this form of botnet).

* Instant messaging – commands are transferred over one of the IM protocols (Skype, Jabber, MSN, etc.), but this form is used in bot networks with a small number of machines.

* IRC channels – this was the first form of zombie control, but it has some limitations and is not often used, because the command-and-control (C&C) server may be isolated from its network at any time and will then be unable to send instructions.

* Twitter and other social networks may also be used by botnets, as they provide high scalability and a flexible API for all users.

Of all these means of zombie communication, botnets managed through HTTP are the more convenient to build and maintain, while their activity is difficult to detect. It is therefore not surprising that criminals prefer them: the number of malicious networks of this type doubles every year and a half.